Clicky
Last visit was: Sat Jul 05, 2014 3:48 pm
It is currently Sat Jul 05, 2014 3:48 pm

Pharmacy Expressorator (tm)


All times are UTC - 5 hours [ DST ]


 [ 214 posts ]  Go to page Previous  1 ... 11, 12, 13, 14, 15  Next
Author Message
 PostPosted: Fri Jan 05, 2007 4:42 pm   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
mortimer wrote:
Hmm, for some reason I'm getting as far as the Check Out page but it won't automatically fill it in.

Any suggestions?


Well one suggestion is: let me know more details. :)

What browser are you running?

If it's firefox: check the error console / javascript console. What does it say?

What specifically is it doing?

That would be a start. :)

SiL


Top
 Profile  
 PostPosted: Sat Jan 06, 2007 4:54 am   
User avatar
Thank you so much for taking the time to do this over the holiday.
Unfortunately I am having problems with this version, I am using Firefox 1.5.0.9 and get the error message "The requested URL /cart.php was not found on this server." after I have clicked on "order" after pasting the part of the url.
Greasemonkey and formfiller work OK as does the previous version of pharmacy expressorator, any ideas what I could be doing wrong?


Top
  
 PostPosted: Sat Jan 06, 2007 8:36 am   
Spam Investigator
User avatar

Joined: Tue Nov 21, 2006 4:22 pm
Posts: 344
crabby wrote:
Unfortunately I am having problems with this version, I am using Firefox 1.5.0.9 and get the error message "The requested URL /cart.php was not found on this server." after I have clicked on "order" after pasting the part of the url.
Greasemonkey and formfiller work OK as does the previous version of pharmacy expressorator, any ideas what I could be doing wrong?

I'd guess that's one of the old sites that don't use PHP yet. Try the new ones.


Top
 Profile  
 PostPosted: Sat Jan 06, 2007 9:18 am   
User avatar
Yes I have tried 22rx.com 33rx.com and 44rx.com, also tested from a PC with an address that isnt banned (yet lol) and via proxies but still the same.
I was so disappointed that I have resorted to copy/paste the customer details from the expressorator and still made a few orders.


Top
  
 PostPosted: Sat Jan 06, 2007 9:43 am   
New member
User avatar

Joined: Sat Dec 09, 2006 2:43 pm
Posts: 8
I was about to say the same but you neat me to it Crabby.
I'm trying to find another one that's working right now.
SiL, sorry the wife was dragging me out the door to go shopping so I couldn't give more info yesterday.
I'm using FF 2.0.0.1, running through TOR/Vidalia/Privoxy and using the NoScript extension.
It would get as far as the "Checkout" page but would not fill it out with the information. I've had previous versions working
as well as some of the other tools. I'm wondering if I screwed around with a setting somewhere which is the cause.
If I can find another site I'll keep working on it.


Top
 Profile  
 PostPosted: Sat Jan 06, 2007 12:00 pm   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
RayVenn wrote:
crabby wrote:
Unfortunately I am having problems with this version, I am using Firefox 1.5.0.9 and get the error message "The requested URL /cart.php was not found on this server." after I have clicked on "order" after pasting the part of the url.
Greasemonkey and formfiller work OK as does the previous version of pharmacy expressorator, any ideas what I could be doing wrong?

I'd guess that's one of the old sites that don't use PHP yet. Try the new ones.


This is correct and that's why that first step has so many extra notes after it. There is a different retaliators for the "old" versions of this site.

As for the ones that just aren't placing the order: I need to know which site you're testing that on. :)

Thanx for the extra details folks.

SiL

P.S. Wow: we must have pissed someone off with this one. I am seeing a lot more bounces / backscatter today from spams sent using my Blue Security address as the reply-to...


Top
 Profile  
 PostPosted: Sun Jan 07, 2007 5:45 pm   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Heh.

Must have made a dent already. They have again modified. Unfortunately I'm offline for the rest of today but I'll need to investigate some more tomorrow. They are now expecting several new parameters and they are randomly adding a subdirectory to the site itself. They definitely are attempting to protect against these attacks. :)

I expect that these modifications will become quite frequent. They're certainly aware of our attempts. I'm not stopping until they do.

Nice work folks. Lots of downloads of all the Pharmacy Expressorators(TM). Thanx so much for sending the fight back to the asshole spammers.

SiL


Top
 Profile  
 PostPosted: Fri Jan 19, 2007 5:39 pm   
Spam Reporter
User avatar

Joined: Sat May 27, 2006 5:15 am
Posts: 120
A one-line modification is enough to get the script working with the current 22/33/44rx.com sites. They have just moved their pages into an RXS directory so modifying the runme_php.html file as follows will get it working again:

In function startIt (a search on startit in Notepad will take you there on the second search - note I've had to asterisk SiL's "colourful" target ID since this forum replaces it with 'beep' :D):
Quote:
function startIt(){
p_domain=document.formaa.pUrl.value;
window.open('http://'+p_domain,'f*ckyou');
saveDomain(p_domain);
}
add the extra line at the end:
Quote:
function startIt(){
p_domain=document.formaa.pUrl.value;
window.open('http://'+p_domain,'f*ckyou');
saveDomain(p_domain);
p_domain=p_domain + "/RXS";
}
The script should then work. For those not wishing to do the edits, I've uploaded an amended copy of runme_php.html at http://www.mytempdir.com/1175800 but if Pharmacy Express change their folder structure again, just visit the site normally to find the new value and change the p_domain line above accordingly.

Happy ordering! :twisted:


Top
 Profile  
 PostPosted: Sat Jan 20, 2007 6:43 pm   
Spam Reporter
User avatar

Joined: Sat May 27, 2006 5:15 am
Posts: 120
Well it looks like they've ditched the subdirectory idea. The standard script should now work again.


Top
 Profile  
 PostPosted: Sat Jan 20, 2007 8:13 pm   
Getting started
User avatar

Joined: Sun Jan 07, 2007 8:26 pm
Posts: 12
I have javascript enabled for local files through the NoScript Firefox extension.

When I get to step 5 of the script to actually submit the order, I receive a "sorry, your cart is empty" error. If I try to manually submit orders to the site, I never get to the cart; pressing the "order" button doesn't do anything. I'm assuming this is all because I am not allowing javascript for this site ... is this the case?

I am definitely loathe to enable javascript for a website implemented by criminals. I don't have the javascript expertise to assess exactly what is happening when you press the "order" button.

Is it definitely safe to have javascript enabled for these pharmacy express sites? Isn't it possible the spammers could change the javascript at any time to add malicious code? Also, can someone walk me through the process of being able to determine what code is executing when the order button is pressed? If I can actually see the javascript code, I can probably understand what is happening ... I'm just not sure how to get there.

Thanks!

-IAmHe


Top
 Profile  
 PostPosted: Sun Jan 21, 2007 3:23 am   
Spam Reporter
User avatar

Joined: Sat May 27, 2006 5:15 am
Posts: 120
iamhe wrote:
When I get to step 5 of the script to actually submit the order, I receive a "sorry, your cart is empty" error. If I try to manually submit orders to the site, I never get to the cart; pressing the "order" button doesn't do anything.
That is what happened when they started using a subdirectory as per my post above. The 22/33/44rx sites did stop doing this but have now restarted - either update the Expressorator as detailed above or download the updated file.

In my experience, Javascript (and cookies) have never been needed for Pharmacy Express. Javascript can certainly be abused but as long as you avoid IE, such abuse is limited to irritating tricks (like 1,000 popups - which will be blocked by default in Firefox/Opera).


Top
 Profile  
 PostPosted: Mon Jan 22, 2007 2:16 am   
Getting started
User avatar

Joined: Sun Jan 07, 2007 8:26 pm
Posts: 12
I had already made the edit to add the subdirectory when I wrote my query ... however, I just retried it and realized the problem I was having was my own stupid fault: when I was cutting-and-pasting the session ID from the URL, I was including the "&A=3" string (or whatever it was) that was appended at the end. Sorry!

Here's something else though. When I got it working, I made a number of submissions which appeared to be successful. However, I soon reached a point where every submission from that point on generated text that read something like, "Dear So and So, bank reports problem with your card, cannot process your order." I wonder if they're somehow detecting multiple submissions (via log, cookie, or whatever) from one machine. What do you think?

Thanks,

-IAmHe


Top
 Profile  
 PostPosted: Mon Jan 22, 2007 7:30 am   
Getting started
User avatar

Joined: Sun Jan 07, 2007 8:26 pm
Posts: 12
Interesting. It's now five hours later, and I got exactly the same results: I was able to issue three orders, but the fourth one resulted in "Dear, Robert Pierce! Your order can't be processed. Bank reports: Your card cannot be authorized." I wonder what's up with that.

Just as an amusing aside: when the order is placed, you can see that they're not using SSL to place the order (as any reputable online merchant would), so would-be criminals with packet sniffers looking for credit card data would end up culling bogus information. :twisted:


Top
 Profile  
 PostPosted: Mon Jan 22, 2007 7:35 am   
Spam Reporter
User avatar

Joined: Sat May 27, 2006 5:15 am
Posts: 120
iamhe wrote:
However, I soon reached a point where every submission from that point on generated text that read something like, "Dear So and So, bank reports problem with your card, cannot process your order." I wonder if they're somehow detecting multiple submissions (via log, cookie, or whatever) from one machine.
Yes, this happens when they start blocking your IP address. You'll need to switch to using proxies (Tor being one of the best choices since it regularly switches IP addresses, see this thread for details) to continue.


Top
 Profile  
 PostPosted: Mon Jan 22, 2007 10:51 am   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Just wanted to thank Strikeback for handling all the tech support. :) Your check is in the mail.

I am continuing to monitor these sites because they are making numerous radical modifications to how they process orders. I appreciate people reporting what they find on the modified sites. There's just too many changes for me to make one "catch-all" retaliation.

I fully expect they'll start obfuscating field names soon also. We must have really pissed them off. :)

Thanx folks.

SiL


Top
 Profile  
 [ 214 posts ]  Go to page Previous  1 ... 11, 12, 13, 14, 15  Next

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Red Dwarf, Wayback machine and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Style originally created by Volize © 2003 • Redesigned SkyLine by MartectX © 2008